| Subject | Re: Stored procedures |
|---|---|
| Author | Svein Erling |
| Post date | 2003-09-03T10:54Z |
Antonin,
I think you may be confusing stored procedures with user defined functions. Stored procedures are quite harmless (basically allowing for data manipulation), whereas UDFs may or may not be.
Preventing users from creating UDFs should be simple, as far as I know they must physically exist in either the default UDF directory or within a directory specified in a configuration file. Just protect these directories and the configuration file and you should be safe. By the way, users may expect IB_UDF and FBUDF to be in the UDF directory since these contain useful UDFs (e.g. SUBSTR and DIV).
Note that I have no knowledge of running servers at all, but at this list others will normally object if what I write is incorrect.
Set
I think you may be confusing stored procedures with user defined functions. Stored procedures are quite harmless (basically allowing for data manipulation), whereas UDFs may or may not be.
Preventing users from creating UDFs should be simple, as far as I know they must physically exist in either the default UDF directory or within a directory specified in a configuration file. Just protect these directories and the configuration file and you should be safe. By the way, users may expect IB_UDF and FBUDF to be in the UDF directory since these contain useful UDFs (e.g. SUBSTR and DIV).
Note that I have no knowledge of running servers at all, but at this list others will normally object if what I write is incorrect.
Set
--- In firebird-support@yahoogroups.com, "Antonin Karasek" wrote:
> Hello everybody,
> is it possible to deny users to execute stored procedures including
> it's own procedures? I own an webhosting server and don't want
> allow users to execute any binary code...
>
> Many thanks